Git authentication fails after enabling 2FA
GitGithubTwo Factor-AuthenticationGit Problem Overview
I just enabled 2FA (I can't think of any other changes I made) and git asked for my username and password. I provided both, but they were "wrong". I tried many of the solutions here: https://stackoverflow.com/questions/6565357/git-push-requires-username-and-password but that didn't work. In particular, when switching from https to ssh, the ssh key gives
Permission denied (publickey). fatal: Could not read from remote repository.
$ git push
warning: push.default is unset; its implicit value is changing in
Git 2.0 from 'matching' to 'simple'. To squelch this message
and maintain the current behavior after the default changes, use:
git config --global push.default matching
To squelch this message and adopt the new behavior now, use:
git config --global push.default simple
See 'git help config' and search for 'push.default' for further information.
(the 'simple' mode was introduced in Git 1.7.11. Use the similar mode
'current' instead of 'simple' if you sometimes use older versions of Git)
Username for 'https://github.com': **********
Password for 'https://[email protected]':
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/mlbileschi/scala.git/'
Any tips?
Git Solutions
Solution 1 - Git
You need to generate an access token. You can create one by going to your settings page.
Use this access token as your password in the command line.
Solution 2 - Git
An end-to-end solution takes 3 steps.
-
Kudos to Gergo Erdosi. His answer is largely right, it is just that Github changes that setting page. As of late 2016, you need to generate an access token from your Personal access tokens page.
Use this access token as your password in the command line.
-
You can persist your user name by including it into your project remote url. One of the way to do it is to edit your
.git/config
to modify theurl
line into the following format:url = https://[email protected]/owner/repo.git
-
You can persist your password by run this for one time only:
$ git config credential.helper store
and then your future git password(s) will be stored in ~/.git-credentials, in plaintext, using the format
https://user:[email protected]
.Storing password(s) in plaintext would normally be considered as a security risk. But in this 2FA case, the credential is NOT your real password, it is a randomly generated string. So it is as secure as using
a ssh private keya passphrase-less ssh private key. CAVEAT: keep in mind that, if you happen to also use another git account(s) without 2FA on this machine, those real password(s) will also be stored in plaintext.
PS: Alternatively, you could choose to use ssh-based login, using a passphrase-protected ssh private key, which would be more secure and less convenient, but it is outside the scope of this answer.
Solution 3 - Git
You can set an SSH key (on both Linux and Windows)
> Note for Windows users
> Make sure HOME
environment variable is defined and set on your user's directory
> e.g. C:\Users\jossef
(learn more)
1) Generating a new SSH key (source)
Open terminal / cmd and paste the text below, (replace with your GitHub email address)
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
2) Link the public key to your GitHub account
-
On Linux / macOS, run in terminal:
cat ~/.ssh/id_rsa.pub
-
On Windows, run in cmd:
type %HOME%\.ssh\id_rsa.pub
This will output the public key:
ssh-rsa AAAAB3NzaC1y ... mKAKw== [email protected]
Navigate to https://github.com/settings/keys
- Click
New SSH Key
- Give it a title
- Copy-paste the public key from the previous command output
3) Change git origin from https://
to ssh
Open terminal / cmd and cd
to your cloned repository directory and run:
git remote set-url origin git@github.com:<github username>/<repository name>
Solution 4 - Git
I had a similar problem. I had to alter the url used in the git command to include my username.
git push https://[email protected]/mlbileschi/scala.git
Then when it asks for PW use the access token you created from following the instructions in Gergo Erdosi's answer.
Solution 5 - Git
If you are already using ssh keys, after enabling 2FA it will enforce you to read/write remote with SSH. You don't really need to add personal tokens rather keep using your existing SSH key pair.
Just change your remote url from HTTPS to SSH:
git remote set-url origin git@github.com:<github-username>/<repo-name>
Solution 6 - Git
2021 update
Not sure if this is going to work for everyone but updating my git version from 2.27.0 to the latest one (currently 2.30.0) solved my issue, whereas trying to use a personal access token as a password in the command line didn't.
After the update, when trying to push, I was prompted to login into GitHub through the browser, instead of typing my credentials in a dialog or in the command line.
Solution 7 - Git
This worked for me:
-
Go to [your-git-repo]/.git/config
-
Under
[remote "origin"]
Change theURL
key from http protocol to git.
Example
If the value of url
is https://github.com/<repo-url>.git change it to [email protected]:<repo-url>.git
Solution 8 - Git
This worked for me after enabling 2FA on Github:
-
Create a Personal Access Token: https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line.
NOTE: Remember to select the correct permissions for the token. -
Run:
git clone https://github.com/username/repo.git
Username:your_username
Password:your_token
Further reading: https://help.github.com/en/github/using-git/which-remote-url-should-i-use
Solution 9 - Git
I was facing this problem on existing repo when I enabled 2FA(two factor authentication) for one of my private repos. I was able to solve it following below steps on my ubuntu 19.0 terminal:-
-
Add your ssh key to github so that you dont need to use your password again,as now you have enabled 2FA.Visit github page to know how to do it easily.
-
Once key is added, go to your terminal, and update the origin url
git remote set-url origin [email protected]:<USERNAME>/<BRANCH-NAME>
Thats it.Hope it helps
Solution 10 - Git
I came across this issue when switching to an old laptop. Really the issue was just that I was running an old version of git. Once I updated to the most recent version of git with the new cross platform credential manager it was able to sign me w/ 2FA perfectly fine (looks like it automatically creates a PAT for you).